About this Legal Counsel role at SimplePractice
About SimplePractice
At SimplePractice, we are improving access to quality care by equipping health and wellness clinicians with all the tools they need to thrive in private practice.
More than 250,000 providers trust SimplePractice to build their business through our industry-leading software with powerful tools that simplify every part of practice management. From admin work to clinical care, our suite of innovative solutions work together to reduce administrative burden—empowering solo and small group practitioners to thrive alongside their clients.
Award-winning and people-first, SimplePractice is shaping the future of health tech. Recognized by MedTech Breakthrough, the Digital Health Awards, and BuiltIn's Best Places to Work.
The Role
We're looking for a Legal Counsel to join our Legal team and serve as a trusted advisor across product development, privacy, regulatory compliance, and commercial contracting. You'll work closely with product, engineering, marketing, and business teams to help SimplePractice grow responsibly while staying true to our mission of supporting independent mental health practitioners and their clients.
This role touches every part of the business. You'll shape how we build products, protect client data, evaluate new partnerships, and respond to a rapidly evolving regulatory environment, particularly around AI in mental healthcare and digital health privacy. If you want high-impact, cross-functional legal work at a company whose mission matters, this is it.
Key Responsibilities
Product and Regulatory Counsel
- Serve as a legal advisor to product and engineering teams, providing guidance on new features, product launches, and platform changes
- Conduct regulatory impact assessments for new product initiatives, with a particular focus on responsible AI use in healthcare technology
- Monitor and analyze emerging SaaS, AI, and digital health regulations that affect SimplePractice's platform and the mental health technology space more broadly
- Review marketing materials, website content, and promotional assets to confirm alignment with healthcare advertising regulations, FTC guidelines, and platform-specific requirements
Privacy
- Conduct impact assessments for new and existing product features, with a primary focus on HIPAA (Privacy Rule, Security Rule, and Breach Notification Rule)
- Advise on data collection, use, storage, and sharing practices across the platform, including the EHR and client portal
- Support incident response processes and breach notification obligations
- Stay current on federal and state privacy developments (including state health data laws, CCPA/CPRA, and sector-specific requirements) and translate regulatory changes into actionable guidance for cross-functional teams
- Collaborate with Compliance, Security, Data, and Engineering teams on data protection practices and compliance documentation
Contracting and Partnerships
- Draft, review, and negotiate a range of commercial agreements, including customer contracts, SaaS subscription agreements, BAAs, vendor contracts, partnership agreements, and data processing agreements
- Evaluate potential business partners and vendors through legal review
- Manage contract lifecycle processes and maintain accessible records of key agreements
Policy and Terms Development
- Draft, update, and maintain SimplePractice's privacy policies, terms of service, acceptable use policies, and related user-facing legal documents
- Develop internal policies, playbooks, and training materials on privacy, data handling, AI governance, and regulatory compliance
- Build scalable legal processes and templates that help the business move quickly without sacrificing compliance
Required Qualifications
- J.D. from an accredited law school and active membership in good standing with at least one U.S. state bar (California bar membership or eligibility preferred)
- 7-8+ years of legal experience, with meaningful exposure to healthcare privacy (HIPAA), technology transactions, or SaaS/digital health product counseling; a combination of law firm and in-house experience is ideal
- Working knowledge of HIPAA, including the Privacy Rule, Security Rule, and Breach Notification Rule
- Experience drafting and negotiating technology agreements (SaaS, licensing, vendor, and data processing agreements)
- Ability to translate legal and regulatory requirements into clear, practical guidance for non-legal stakeholders
- Strong judgment and comfort operating independently in a fast-paced environment with competing priorities
Preferred Qualifications
- CIPP/US or other privacy certification
- Experience with HIPAA and healthcare privacy laws
- Experience advising on AI/ML products in a regulated industry, including familiarity with emerging AI governance frameworks
- Experience with state consumer health data privacy laws (Washington MHMD Act, Connecticut, Nevada, and similar)
- Experience building legal processes, templates, and resources from the ground up
Skills & Competencies
- Business judgment: You think like a business partner first. You identify risk clearly, propose practical solutions, and help stakeholders make informed decisions rather than defaulting to "no."
- Clarity of communication: You can explain a regulatory requirement to an engineer, summarize contract risk for a sales lead, and draft a policy that any employee can understand, all in the same week.
- Adaptability: You are comfortable shifting between legal disciplines and working in areas where you may not yet be an expert. You learn quickly and ask the right questions.
- Efficiency and ownership: You manage your workload independently, build repeatable processes where possible, and know when to escalate or bring in outside help.
- Cultural alignment: You value transparency, directness, and simplicity. You do not over-complicate things. You are collaborative, low-ego, and energized by working with people who care about their customers.
Base salary is one component of total compensation. Employees may also be eligible for an annual bonus or commission. Some roles may also be eligible for overtime pay.
The amount below represents the expected annual base compensation range for this job requisition. Ultimately, in determining your pay, we’ll consider many factors including, but not limited to, skills, experience, qualifications, geographic location, and other job-related factors.